const crypto = require('crypto');
const path = require('path');
const express = require('express');
const cookieParser = require('cookie-parser');
const jwt = require('jsonwebtoken');
const logger = require('morgan');
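const app = express();
// Signing keys. The literal fallbacks exist only so the demo boots with no
// configuration; they are public in this repository and MUST be overridden in
// any real deployment (JWT_SECRET signs the auth token, COOKIE_SECRET signs the
// cookie that carries it). `||` rather than `??` so an empty variable counts as
// unset instead of yielding an empty signing key.
const secret = process.env.JWT_SECRET || 'SSSSSSHHH';
const cookieSecret = process.env.COOKIE_SECRET || 'BeVewyQuiet';
// Request logging, JSON and form body parsing, signed-cookie parsing, and
// static assets from ./public, in that order.
app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser(cookieSecret));
app.use(express.static(path.join(__dirname, 'public')));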
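// Middleware guarding routes that require a logged-in user.
// Reads the JWT from the signed `token` cookie, verifies it against `secret`,
// exposes the decoded claims as `req.user`, then calls next(). Responds 401
// when the cookie is absent, when its cookie-parser signature does not check
// out (signedCookies then yields `false`), or when the JWT fails verification.
const authRequired = (req, res, next) => {
  const token = req.signedCookies.token;
  // A missing or tampered signed cookie is never a string; reject it up front
  // rather than relying on jwt.verify throwing on a non-string value.
  if (typeof token !== 'string' || token === '') {
    res.status(401).send({ loggedIn: false, message: "Unauthorized" });
    return;
  }
  let claims;
  try {
    // Pin the accepted algorithm: the token is signed with an HMAC secret, and
    // restricting verification to HS256 rules out algorithm-confusion tricks
    // should the key material ever change shape.
    claims = jwt.verify(token, secret, { algorithms: ['HS256'] });
  } catch (error) {
    // jwt.verify throws for bad signature, malformed token, or expiry.
    res.status(401).send({ loggedIn: false, message: "Unauthorized" });
    return;
  }
  req.user = claims;
  next();
};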
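// Demo credential store standing in for a database. Passwords are kept in the
// clear purely for this example; a real store holds salted hashes. Frozen so
// nothing can add or overwrite an account at runtime.
const users = Object.freeze({
  testuser: 'password',
});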
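// Returns true only when `username` names a known demo user and `password`
// matches. Both must be strings (a JSON body can carry objects or arrays), the
// lookup must not walk Object.prototype, and the comparison is constant-time
// so response timing does not reveal how much of the password was right.
function verifyCredentials(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') {
    return false;
  }
  if (!Object.prototype.hasOwnProperty.call(users, username)) {
    return false;
  }
  const expected = Buffer.from(users[username]);
  const given = Buffer.from(password);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// POST /login -- checks the submitted credentials against the demo user table
// and, on success, issues a signed JWT inside an httpOnly, signed `token`
// cookie that the browser sends back on later requests.
// Body: { username, password }. Responds { loggedIn: true } or 401.
app.post('/login', (req, res, next) => {
  const { username, password } = req.body;
  // Deliberately no console.log(req.body): that would write the plaintext
  // password into the server log. morgan already records the request line.
  if (verifyCredentials(username, password)) {
    const token = jwt.sign({ username }, secret, {
      algorithm: 'HS256',
      // Without an expiry a leaked token stays valid forever.
      expiresIn: '1h',
    });
    res.cookie('token', token, {
      sameSite: 'strict',
      httpOnly: true,
      signed: true,
      // Only send the cookie over TLS outside local development.
      secure: process.env.NODE_ENV === 'production',
    });
    res.send({ loggedIn: true, message: "Successfully Logged In" });
  } else {
    res.status(401).send({ loggedIn: false, message: "Unauthorized" });
  }
});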
// GET /authenticated -- reachable only after authRequired has accepted the
// token cookie; the handler itself just confirms the caller is logged in.
app.get('/authenticated', authRequired, (req, res, next) => {
  const body = { loggedIn: true, message: "Congrats you can see this" };
  res.send(body);
});
// GET /logout -- ends the session by expiring the `token` cookie. The options
// repeat the ones used when the cookie was set so the browser matches and
// drops the same cookie.
// NOTE(review): a GET logout can be triggered by any link or image pointing
// here; a POST would be the conventional choice -- confirm whether that matters.
app.get('/logout', (req, res, next) => {
  const cookieOptions = { sameSite: 'strict', httpOnly: true, signed: true };
  res.clearCookie('token', cookieOptions);
  res.send({ loggedIn: false, message: 'Logged Out' });
});

module.exports = app;